RainLoop / rainloop-webmail

Simple, modern & fast web-based email client
http://rainloop.net
MIT License

recaptcha broken #891

Open My1 opened 8 years ago

My1 commented 8 years ago

Well, I wanted to give myself a secure login and enable reCAPTCHA, and I always get "wrong captcha" (reCAPTCHA shows a tick, so it's solved properly), but the keys are correct and they work. I already confirmed that with a test script where I use the same keys on the same domain, so that's that...

My1 commented 7 years ago

Still doesn't seem to work. Well, it hasn't been working, but then again this hasn't been updated for over a year.

ervee commented 7 years ago

Works like a charm on my setup. So the code is okay, I guess. Do you have plugins in your browser (like Adblock Plus, RequestPolicy, etc.) preventing the browser from displaying the captcha content?

My1 commented 7 years ago

The captcha displays fine, but the submission fails completely. I even have a small test page to test this: https://mail.my1.info/captcha-mail.php (same keys, with self-written captcha code).

pylorak commented 7 years ago

Confirmed, reCAPTCHA doesn't work. Plugin enabled, site and secret keys configured. Then I go to the user login page and enter the username, password, and captcha. The captcha tells me I entered it correctly, showing me its little green checkmark. Then I click login, and RainLoop tells me that captcha verification failed.

reCaptcha works on other sites of mine on same server with same browser.

ESVDESIGNER commented 7 years ago

It seems like there is an error in the plugin's index.php. At line 100, change

if (\is_array($aResp) && isset($aResp['success']) && $aResp['success'])

to

if (\is_array($aResp) && isset($aResp['success']))

Then it will work.

My1 commented 7 years ago

But wouldn't that, in contrast, let everyone in? Because according to the reCAPTCHA API the success value will be set no matter what; it will be either true or false, and false means something is wrong. I think we should first look at the array's content, because maybe the invocation of the reCAPTCHA API is wrong, or something screws up there.

My1 commented 7 years ago

To me, rather than the if statement, the backslash before the is_array looks kind of weird, and the last part isn't even an isset but just a true/false evaluation. I mean, putting the backslash aside,

if (is_array($aResp) && isset($aResp['success']) && $aResp['success'])

in my opinion looks like:

if $aresp is an array AND $aresp["success"] is set (aka. contains some value) AND $aresp["success"] evaluates to true

-> THEN set the final result to true

which looks fine to me.

Also, why is there an @\ at $aResp = @\json_decode($sResult, true); I've honestly never seen such stuff.

ESVDESIGNER commented 7 years ago

Just figured it out: the Google captcha API requires using POST instead of GET... the result returned from the GET is "unknown error", so I changed the code a little bit and it is working fine now. Ignore my previous message; I thought the original author wrote isset with double $aResp['success'] in one (). No need to modify the previous code, only the code that retrieves the data. I will post the code below later... have to go out and will be back in 10 mins.

My1 commented 7 years ago

Weird. I've been doing it with GET for ages and even now it's working. This is what I use personally:

$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$key."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);

Testing page: https://mail.my1.info/captcha-mail.php

Edit: slight miss.

ESVDESIGNER commented 7 years ago

I modified it from line 88, below $bResult = false and above the line $sResult = xxxx within that function, to use the POST method to get the JSON result from Google, and it is working.

google-captcha-using-post-method-index.php.zip
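The two points raised in this thread, what the `success` check means and sending the verification request with POST, as an added example that is not code from the thread, the attachment above, or the RainLoop plugin. It shows that a check on `isset` alone accepts a response whose `success` is false, while the strict check fails closed. The function names and sample responses are constructed for illustration.

```php
<?php
// Added example, not RainLoop plugin code. All function names are hypothetical.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Strict check: pass only when the decoded JSON carries success === true.
function captchaPassed(string $json): bool
{
    $resp = json_decode($json, true);
    return is_array($resp) && isset($resp['success']) && $resp['success'] === true;
}

// The weakened check proposed earlier in the thread: only tests that the key exists.
function captchaPassedWeak(string $json): bool
{
    $resp = json_decode($json, true);
    return is_array($resp) && isset($resp['success']);
}

// Sends the token in a POST body; http_build_query() URL-encodes every field.
function verifyCaptcha(string $secret, string $token, ?string $remoteIp = null): bool
{
    $fields = ['secret' => $secret, 'response' => $token];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 10,
    ]]);
    $body = @file_get_contents(SITEVERIFY_URL, false, $ctx);
    // Fail closed: a network error or unparsable body is treated as a failed captcha.
    return $body !== false && captchaPassed($body);
}

// Constructed sample responses in the shape siteverify returns (run offline).
$samples = [
    'solved'    => '{"success": true, "hostname": "mail.example.test"}',
    'rejected'  => '{"success": false, "error-codes": ["invalid-input-response"]}',
    'malformed' => 'unknown error',
];
foreach ($samples as $name => $json) {
    printf("%-9s strict=%s weak=%s\n", $name,
        var_export(captchaPassed($json), true),
        var_export(captchaPassedWeak($json), true));
}
```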

ESVDESIGNER commented 7 years ago

The backslash namespace usage starts from PHP 5.3: http://www.php.net/manual/en/language.namespaces.rationale.php

RainLoop commented 7 years ago

Thanks, I fixed the code, but the previous code worked fine in my tests.

arvanus commented 4 years ago

Hello everyone. For some reason, my RainLoop plugin is using the old version of this patch... (I changed it manually to the new one and it's working now). But why is it not using the latest version? Can someone give me some idea? Thanks! (I'm using RainLoop 1.13.0)